
FirePower Remote Storage Management

-Sparrow-
Level 1

Hello,

I've been trying for a while to get my FMC to talk to remote storage so I can place my backups and reports there. For some reason my FMC refuses to talk to any remote storage device I have.  NFS, SMB (haven't tried SSH), neither work. I keep getting an error: FMC_Remote_Storage_Err.PNG

All passwords and usernames that I've tried are getting the error... Am I missing some kind of formatting here?  I use domain\username format or username@domain format. I've also just used the username.

Can someone please shed some light on me here?

Thanks!

 

 


Marvin Rhoads
Hall of Fame

I just tested it in my lab and it is working fine. FMC 6.5 to Windows Server 2016 with SMB sharing.

Here are the respective settings I have made:

 

[Screenshots: FMC Remote Storage setting; Server 2016 SMB share]

 

Hi Marvin,

I thought maybe it had to do with the SMB version so I turned on SMB v1 but that still won't connect.  I used the exact same formatting as yours and I get this:

Cant Mount.PNG

I have verified the share permissions and the user has R/W on it.

What else can I be missing here? 

Thank you.

The error message is quite ambiguous. Perhaps a packet capture on the target SMB hosting server would be informative. 

Hi Marvin,

Wireshark shows the SMB Negotiate Protocol Request being sent from the FMC but the destination host sends a RST flag resetting the connection.

Capture.PNG

I have no clue what could be causing this.

A TCP reset from the target host generally means it's not accepting connections on that port or protocol or else it restricts them to certain addresses (e.g. in Windows firewall).

You could try to mount the share as a network drive from another Windows PC as a test.

My working server is running Windows Server 2016 (all the latest updates applied) with Windows Firewall disabled.

Here's a screenshot of a Wireshark capture when it's working. As you can see in the decode, it's SMB2. SMB1 is insecure and deprecated and should NOT be enabled.

[Screenshot: FMC SMB Test Success]

 

Marvin, 

Thanks for your input here.  SMB2 appears to be working fine when I mount the share from other PCs. It's only the FMC that is having trouble.  Right now the FMC is only at v6.2.3.  I plan on moving up to 6.4.0.4 soon.  I wasn't able to connect to remote storage when it was at 6.2.2 either.

SMB2 Works.PNG

I already disabled SMB1, I just had it open for that last test.  I also have the Windows firewall disabled.  

Any other thoughts? I checked the access list in the FMC but that only seems to be for management access to the FMC using ports 22, 443, and 161.

Thanks. 

There was one resolved SMB bug in 6.2.3.13 and a couple in 6.4.0.2 and 6.4.0.6. None of them should affect the basic operations though.

Given that the Windows server is sending a TCP reset, I strongly suspect a domain policy on the Windows side. I'm not enough of a server admin to point you to the right setting though. You may find an event in the Event Viewer on the Windows server that shines more light on the issue.

Hi @Marvin Rhoads ,

 

I ended up raising a ticket with TAC. The engineer is saying that the FMC only supports SMB1.  Does this sound right to you? He's recommending NFS or SSH since SMB isn't working.  Like you said, these are basic functions. I already tried with SMB1 and that wouldn't connect either.  It's got to be something else that I'm overlooking.

I don't usually contradict the TAC, but given that I have a packet capture showing SMB2 working between FMC and Windows Server 2016 I would say they are mistaken in this case.

If you can easily deploy a Windows Server 2016 instance in ESXi that's not joined to your domain, you might test with that. There are so many variables in an AD-joined Windows server that it's nearly impossible to guess which one might be preventing the successful mount.

The only other quick check you can do is change it to IP address vs hostname (if it's not already that way).  The error message is so ambiguous that it might be something like name resolution.

Hi Jason,

I had also tried using the IP of the host. I got the same ambiguous error that time also. I've tried two different hosts with the same results.  I ran Wireshark and as far as I can tell, the SMB negotiation gets reset for some strange reason.

dporod
Level 1

I think it needs SMB1

I have SMB1 turned on so that's probably not the issue here.
Permissions are R/W for the user also on the share.
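
The thread turns on which SMB dialects the FMC offers in its Negotiate Protocol Request before the server resets the connection. The following is an added example, not code from any poster or from Cisco: it decodes the TCP payload of such a request, as exported from a capture, and lists the dialects the client offered, including the case where an SMB1-framed request also offers SMB2. The function names and the sample payloads are assumptions constructed for illustration; they are not taken from the captures in the thread.

```python
import struct

# SMB2 dialect revision codes as defined in MS-SMB2.
SMB2_DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}

def offered_dialects(tcp_payload: bytes):
    """Return (family, dialects) for one Negotiate Protocol Request on TCP/445."""
    if len(tcp_payload) < 4 or tcp_payload[0] != 0x00:
        raise ValueError("not a direct-TCP SMB session message")
    length = int.from_bytes(tcp_payload[1:4], "big")   # 3-byte length prefix
    msg = tcp_payload[4:4 + length]
    if len(msg) < length:
        raise ValueError("truncated message")
    if msg[:4] == b"\xffSMB":                          # SMB1: 32-byte header
        if len(msg) < 35 or msg[4] != 0x72 or len(msg) < 35 + 2 * msg[32]:
            raise ValueError("not an SMB1 negotiate request")
        off = 33 + 2 * msg[32]                         # skip WordCount and words
        (byte_count,) = struct.unpack_from("<H", msg, off)
        data = msg[off + 2:off + 2 + byte_count]
        # Each entry: 0x02 buffer-format byte, then a NUL-terminated ASCII name.
        names = [d[1:].decode("ascii", "replace")
                 for d in data.split(b"\x00") if d[:1] == b"\x02"]
        return "SMB1", names
    if msg[:4] == b"\xfeSMB":                          # SMB2: 64-byte header
        if len(msg) < 100 or struct.unpack_from("<H", msg, 12)[0] != 0:
            raise ValueError("not an SMB2 negotiate request")
        (count,) = struct.unpack_from("<H", msg, 66)   # DialectCount
        if len(msg) < 100 + 2 * count:
            raise ValueError("truncated dialect list")
        codes = struct.unpack_from(f"<{count}H", msg, 100)
        return "SMB2", [SMB2_DIALECTS.get(c, hex(c)) for c in codes]
    raise ValueError("no SMB protocol id found")

def offers_smb2(tcp_payload: bytes) -> bool:
    """True if any SMB2+ dialect is offered, also via an SMB1-framed request."""
    family, dialects = offered_dialects(tcp_payload)
    return family == "SMB2" or any(d.startswith("SMB 2") for d in dialects)

def build_smb1(*names):        # helper that builds a constructed SMB1 sample
    data = b"".join(b"\x02" + n.encode() + b"\x00" for n in names)
    msg = b"\xffSMB\x72" + bytes(27) + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def build_smb2(*codes):        # helper that builds a constructed SMB2 sample
    body = struct.pack("<HH", 36, len(codes)) + bytes(32)
    msg = b"\xfeSMB" + struct.pack("<H", 64) + bytes(58) + body
    msg += struct.pack(f"<{len(codes)}H", *codes)
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

# Constructed sample payloads (not from the thread's captures).
SMB1_ONLY = build_smb1("NT LM 0.12")
SMB1_MULTI = build_smb1("NT LM 0.12", "SMB 2.002", "SMB 2.???")
SMB2_ONLY = build_smb2(0x0202, 0x0210)
```

A request that lists only `NT LM 0.12` will be refused by a server with SMB1 disabled, while one that lists `SMB 2.002` or arrives with the `\xfeSMB` protocol id can negotiate SMB2.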